- 0 Posts
- 12 Comments
0·3 months agoOh i know
I’m more blaming the system than the user. The system is designed to be as addicting as possible. Literally a century of addiction research into drugs and gambling, all used to squeeze every drop of engagement from the user
Anything to get that dopamine drip from the Black Rectangle
2·5 months agoBut it doesn’t have any built-in concept of users, write permissions, or authentication (except for commit signing)
Hosting an unauthenticated git repo would be the equivalent to an open ssh port with no password required
Not to mention collaborative things like issue tracking, PRs, forums, etc
I wonder if it’d be feasible to make a fediverse github
7·5 months agoWhy not fully silicone straws?
Waydroid doesn’t intend on supporting it. It’s a piece of code that checks for evidence of “tampering” (such as an unlocked bootloader, or root access), and sends those bits of data off to Google’s servers for verification
It’s antithetical to Waydroid and device freedom, and is used by banking apps for “security” reasons, as well as media apps for piracy reasons
And is a massive pain for anyone who root’s their devices
What about Play Integrity / Safetynet?
Yes, and no.
If the password is stored properly (hashed and salted), then a high entropy PW will make it nearly impossible for your PW to be extracted from a database dump / data leak
On the other end, if the PW is stored as plain-text, a high entropy PW is useless.
In between, a weak hash algorithm or no salt, a high entropy PW still makes it much harder to extract, but it depends
In general, 2FA is more secure, since it combines 2 different methods of authentication.
- something you know: password
- something you have: the 2FA token (usually on a phone)
This protects the service (as well as the user) against a broader range of attacks. Such as
- password reuse (which nearly everyone does)
- this is particularly bad, because you’re increasing the chance that a weakly designed system will have it’s data stolen, your reused PW and username included
- phising attempts
- somewhat
- low entropy passwords
- replay attacks
- since 2FA tokens are usually time bases (TOTP), they expire after a few minutes and can’t be reused if an attacker manages to intercept one
Among others
If history repeats itself, ES6 will be a completely different game to Skyrim
Everything complained about will he cut, nothing new will be added